Overview

overview

10

Static

static

8

Documents389.xlsm

windows7_x64

10

Documents389.xlsm

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Documents389.xlsm

  • Size

    57KB

  • Sample

    210315-2wwpmllyd6

  • MD5

    a3df654767610cdd5ef6d8420c773ede

  • SHA1

    99c2321e718c6bec68fd11da84f9d7bfa7f4b4bc

  • SHA256

    492a8edc4386bc2194553a437c001e078bf64a90487b1896cfaccb9abfa22c01

  • SHA512

    d4df2d9d3743142d7960630a21e705b1acb50c152ab7af6f8fb445504aac8d43bf527023e5a76df95c995d8ee4794a54e27e8e5814e5245a846ab97ddeb29417

Score
10/10
macroxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://xgka03stox03cloeqz.com/index.gif

Targets

    • Target

      Documents389.xlsm

    • Size

      57KB

    • MD5

      a3df654767610cdd5ef6d8420c773ede

    • SHA1

      99c2321e718c6bec68fd11da84f9d7bfa7f4b4bc

    • SHA256

      492a8edc4386bc2194553a437c001e078bf64a90487b1896cfaccb9abfa22c01

    • SHA512

      d4df2d9d3743142d7960630a21e705b1acb50c152ab7af6f8fb445504aac8d43bf527023e5a76df95c995d8ee4794a54e27e8e5814e5245a846ab97ddeb29417

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks